Enterprise search systems allow content stored within an organization to be indexed, searched, and displayed to authorized users within the organization. In order to provide this functionality, enterprise search engines typically must index and query against structured and unstructured data and documents stored by multiple, independent, third-party enterprise software applications and systems. For instance, in many cases an enterprise search system must index and query against data stored in intranets, document and content management systems, file servers, corporate desktops, business applications such as customer relationship management and business intelligence applications, and other types of content stores.
In contrast to public search engines that search publicly available data and allow virtually any user to execute queries on the data, such as World Wide Web (“Web”) search engines, enterprise search systems generally index data for which access may be limited. For instance, a document indexed by an enterprise search system may have an associated access control list (“ACL”) that includes one or more access control entries (“ACEs”) that identify the access rights a user has to the document. As a result, when an enterprise search system executes a query, it must ensure that the user executing the query has sufficient access rights to view the search results returned in response to the query.
In order to determine whether a user has sufficient access rights to view search results, an enterprise search system may retrieve and store the access rights for a document at the time the document is added to the search index. At query time, the enterprise search system can utilize the previously stored access rights to determine if the user executing the query has sufficient rights to view the search results. Alternatively, an enterprise search system may query the back-end system at which each document in a set of search results is stored for access rights to the document for the user at the time the query is performed. A combination of these methods may also be utilized to minimize drawbacks present in each method.
Regardless of whether the access rights are retrieved at the time a document is added to the search index or at query time, enterprise search systems must interface with the back-end computer systems at which the indexed documents are stored in order to retrieve the access rights. Often, however, the security sub-systems of each third-party back-end computer system utilize application programming interfaces (“APIs”) that are disparate, arcane, and proprietary. As a result, it may be necessary to create custom program code to interface with each back-end security sub-system API each time a new type of back-end content store is added to an enterprise search system. This generally makes the integration between enterprise search systems and third-party data store systems difficult, expensive, and time consuming.
It is with respect to these considerations and others that the disclosure made herein is provided.